Updating my system a month ago gives me this issue with any openconnect connections: DTLS handshake failed: Resource temporarily unavailable, try again. DTLS handshake failed: Error in the push function. (Is a firewall preventing you from sending UDP packets?) DTLS handshake failed: Error in the push function. (Is a firewall preventing you from sending UDP packets?) DTLS handshake failed: Resource temporarily unavailable, try again. DTLS handshake failed: Error in the push function. (Is a firewall preventing you from sending UDP packets?) I tried to disable firewalld, no effect. Loosing connection. Please, check openconnect again.
Portage 3.0.28 (python 3.9.8-final-0, default/linux/amd64/17.1/desktop/systemd, gcc-11.2.0, glibc-2.33-r7, 5.10.76-gentoo-r1-x86_64 x86_64) ================================================================= System uname: Linux-5.10.76-gentoo-r1-x86_64-x86_64-AMD_Ryzen_5_4500U_with_Radeon_Graphics-with-glibc2.33 KiB Mem: 32295872 total, 25913664 free KiB Swap: 63509500 total, 63509500 free Timestamp of repository gentoo: Thu, 18 Nov 2021 08:00:01 +0000 Head commit of repository gentoo: bdffa54771aabf15cee4ebde6a23ab96188043cf Head commit of repository tlp: 96db20c75e0f9a934013a77c573f16b8d598f193 sh bash 5.1_p8 ld GNU ld (Gentoo 2.37_p1 p0) 2.37 app-shells/bash: 5.1_p8::gentoo dev-java/java-config: 2.3.1::gentoo dev-lang/perl: 5.34.0-r3::gentoo dev-lang/python: 3.8.12_p1::gentoo, 3.9.8::gentoo dev-lang/rust: 1.56.1::gentoo dev-util/cmake: 3.20.5::gentoo sys-apps/baselayout: 2.7-r3::gentoo sys-apps/sandbox: 2.25::gentoo sys-devel/autoconf: 2.13-r1::gentoo, 2.71-r1::gentoo sys-devel/automake: 1.16.4::gentoo sys-devel/binutils: 2.37_p1::gentoo sys-devel/gcc: 11.2.0::gentoo sys-devel/gcc-config: 2.4::gentoo sys-devel/libtool: 2.4.6-r6::gentoo sys-devel/make: 4.3::gentoo sys-kernel/linux-headers: 5.10::gentoo (virtual/os-headers) sys-libs/glibc: 2.33-r7::gentoo Repositories: gentoo location: /var/db/repos/gentoo sync-type: rsync sync-uri: rsync://rsync.gentoo.org/gentoo-portage priority: -1000 sync-rsync-verify-metamanifest: yes sync-rsync-verify-jobs: 1 sync-rsync-extra-opts: sync-rsync-verify-max-age: 24 tlp location: /var/db/repos/tlp sync-type: git sync-uri: https://github.com/dywisor/tlp-portage masters: gentoo ACCEPT_KEYWORDS="amd64" ACCEPT_LICENSE="*" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=native -O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo" CXXFLAGS="-march=native -O2 -pipe" DISTDIR="/var/cache/distfiles" ENV_UNSET="CARGO_HOME DBUS_SESSION_BUS_ADDRESS DISPLAY GOBIN GOPATH PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR" FCFLAGS="-march=native -O2 -pipe" FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync multilib-strict network-sandbox news parallel-fetch pid-sandbox preserve-libs protect-owned qa-unresolved-soname-deps sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr" FFLAGS="-march=native -O2 -pipe" GENTOO_MIRRORS="https://ftp.linux.org.tr/gentoo/ rsync://ftp.linux.org.tr/gentoo-distfiles/" LANG="en_US.utf8" LDFLAGS="-Wl,-O1 -Wl,--as-needed" MAKEOPTS="-j4" PKGDIR="/var/cache/binpkgs" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git" PORTAGE_TMPDIR="/var/tmp" USE="X a52 aac acl acpi alsa amd64 bluetooth branding bzip2 cairo cdda cdr cli crypt cups dbus dri dts dvd dvdr emboss encode exif flac fortran gdbm gif gpm gui iconv icu ipv6 jpeg lcms libglvnd libnotify libtirpc mad mng mp3 mp4 mpeg multilib ncurses nls nptl ogg opengl openmp pam pango pcre pdf png policykit ppds pulseaudio readline sdl seccomp spell split-usr ssl startup-notification svg systemd tiff truetype udev udisks unicode upower usb vorbis wxwidgets x264 xattr xcb xml xv xvid zlib" ABI_X86="64" ADA_TARGET="gnat_2019" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="mmx mmxext sse sse2" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" GRUB_PLATFORMS="efi-64" INPUT_DEVICES="libinput" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LUA_SINGLE_TARGET="lua5-1" LUA_TARGETS="lua5-1" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php7-3 php7-4" POSTGRES_TARGETS="postgres12 postgres13" PYTHON_SINGLE_TARGET="python3_9" PYTHON_TARGETS="python3_9" RUBY_TARGETS="ruby26 ruby27" USERLAND="GNU" VIDEO_CARDS="amdgpu radeonsi" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq proto steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CC, CPPFLAGS, CTARGET, CXX, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, LINGUAS, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, RUSTFLAGS
With net-vpn/openconnect-8.10-r6[gnutls] and net-libs/gnutls-3.7.2, I get this message when connecting to a Cisco device: Got CONNECT response: HTTP/1.1 200 OK CSTP connected. DPD 30, Keepalive 20 Set up UDP failed; using SSL instead Connected as 10.170.243.158, using SSL, with DTLS disabled With net-vpn/openconnect-8.10-r6[-gnutls] and dev-libs/openssl-1.1.1l-r1, it works fine: Got CONNECT response: HTTP/1.1 200 OK CSTP connected. DPD 30, Keepalive 20 Connected as 10.170.243.177, using SSL, with DTLS in progress Established DTLS connection (using OpenSSL). Ciphersuite DTLSv1.2-DHE-RSA-AES256-SHA256. Can you try rebuilding net-vpn/openconnect with the gnutls USE flag disabled?
net-vpn/opneconnect-9999[gnutls] also works fine. Got CONNECT response: HTTP/1.1 200 OK CSTP connected. DPD 30, Keepalive 20 Established DTLS connection (using GnuTLS). Ciphersuite (DTLS1.2)-(DHE-CUSTOM)-(AES-256-CBC)-(SHA1). Configured as 10.170.243.179, with SSL connected and DTLS connected
(In reply to Mike Gilbert from comment #3) > net-vpn/opneconnect-9999[gnutls] also works fine. > > Got CONNECT response: HTTP/1.1 200 OK > CSTP connected. DPD 30, Keepalive 20 > Established DTLS connection (using GnuTLS). Ciphersuite > (DTLS1.2)-(DHE-CUSTOM)-(AES-256-CBC)-(SHA1). > Configured as 10.170.243.179, with SSL connected and DTLS connected X-CSTP-MSIE-Proxy-Lockdown: true X-CSTP-Smartcard-Removal-Disconnect: true X-CSTP-MTU: 1300 X-CSTP-Routing-Filtering-Ignore: false X-CSTP-Quarantine: false X-CSTP-Disable-Always-On-VPN: false X-CSTP-Client-Bypass-Protocol: false X-CSTP-TCP-Keepalive: true X-CSTP-Post-Auth-XML: <elided> CSTP connected. DPD 30, Keepalive 20 Connected as 10.170.241.15, using SSL, with DTLS disabled Thanks for solution. Tried to rebuild without gnutls and saw the same messages. Turned gnutls back and now I am trying to live without DTLS enabled and verbose. Need some time to observe connection status. A couple of minutes looks promising: Send CSTP Keepalive Send CSTP Keepalive Send CSTP DPD Got CSTP DPD response Send CSTP Keepalive Send CSTP DPD Got CSTP DPD response Send CSTP Keepalive Send CSTP Keepalive Send CSTP DPD Got CSTP DPD response I will mark this issue as resolved and reopen it, if something bad will happen with my connection. Looks like disabling DTLS works for me.
Working a while with this settings I noticed a problem. After making connection with openconnect and approx. 30 minutes later, 2 DNS servers disappeared from /etc/resolv.conf. So I need to reconnect again to bring DNS working back. Is it openconnect related problem and my new settings consequences?
As far as I know, openconnect does not update resolv.conf after the initial connection.
